DOI: 10.1145/2141622.2141684
research-article

Access controls for privacy protection in pervasive environments

Published: 25 May 2011

ABSTRACT

Pervasive Environments (PE) collect and process a massive amount of person-related and sensitive information. Data collected by a single sensor is in most cases not adequate to provide premium services; rather, the gathered information must be combined to offer real benefits. The fused data must be secured by access controls to ensure the privacy of the users and, with it, their trust in PE. This work proposes an Object-oriented World Model (OOWM) as a central information source that is filled with information collected from intelligent sensors and can be accessed and manipulated by smart application devices. It is shown how privacy can be enforced in such a centralized component. Privacy requirements must be specified and enforced. In particular, conflicts between different requirements, e.g., user- and operator-specific policies, are an open issue. Existing approaches for specification and enforcement of access controls are discussed. An XACML-based approach for privacy in PE is shown and an algorithm for combining privacy policies is presented.

Published in: PETRA '11: Proceedings of the 4th International Conference on PErvasive Technologies Related to Assistive Environments
May 2011, 401 pages
ISBN: 9781450307727
DOI: 10.1145/2141622

Copyright © 2011 ACM


Publisher: Association for Computing Machinery, New York, NY, United States
